The Shared Security Podcast   /     Kia Security Flaw Exposed, NIST’s New Password Guidelines

Description

In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and […] The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security Podcast.

Summary

In this episode, the hosts discuss a significant vulnerability found in Kia's web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST's updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community's perspectives on these evolving issues.

Subtitle
A significant vulnerability found in Kia's web portal that allows remote control of various car features via their app, and NIST's updated password guidelines, eliminating complexity rules and periodic resets.
Duration
22:29
Publishing date
2024-10-07 04:00
Link
https://sharedsecurity.net/2024/10/07/kia-security-flaw-exposed-nists-new-password-guidelines/
Contributors
  Tom Eston, Kevin Johnson
author  
Enclosures
https://traffic.libsyn.com/socialmediasec/Shared_Security_E349.mp3
audio/mpeg

Shownotes

In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST’s updated password guidelines, eliminating complexity rules and periodic resets, emphasizing the importance of MFA. The episode features insights from co-host Kevin Johnson, covering both technical flaws and the security community’s perspectives on these evolving issues.

** Links mentioned on the show **

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/
https://samcurry.net/hacking-kia

NIST: No More Regular Password Resets and Arbitrary Complexity Rules
https://www.vulnu.com/p/nist-no-more-regular-password-resets-and-arbitrary-complexity-rules

** Watch this episode on YouTube **

https://youtu.be/b5xvgfxIEb0

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity

Get our new Shared Security Podcast glitter stickers!
https://sharedsecurity.net/stickers

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Follow us on X: https://twitter.com/sharedsec

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Kia Security Flaw Exposed, NIST’s New Password Guidelines appeared first on Shared Security Podcast.